ib.adnxs is browser redirect malware that installs into your browser and sends your web searches to different sites instead of where you want to go. It persistently pops up its own addresses in your browser. It changes your home page and search engine settings, and may change your DNS settings. There is disagreement over whether this is a simple browser redirect entry, a Trojan, or possibly a rootkit. The instructions below cover removing the redirect commands from your browser(s); however, the problem may recur if the malware is a persistent Trojan or rootkit virus.
Download Malwarebytes from http://www.malwarebytes.org
and CCleaner http://computer-answers.ca/2011/computer-questions/windows-questions/favorite-windows-utilities-from-piriform/
I would recommend starting in Safe mode (F8) and running a Full Malwarebytes scan to check the machine and registry. Running CCleaner to clean the registry wouldn't hurt either.
Then clean the browsers individually:
Go to Manage Search Engines in Firefox and remove any entries for adnxs
Check if you have adnxs in your Firefox menu > Add Ons and remove any items for adnxs. Check both the Plug ins tab and the Extensions tab (on older versions, Tools > Add-ons).
Set the Home page to the search engine of your choice (the default Google search entry is http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= )
Remove adnxs or any unknown search engine entry from the search engine default for unrecognized pages
- In the address bar enter "about:config" and hit Enter
- Bypass the warranty screen(s) by clicking
- On the next screen enter "adnxs" in the Filter window (a search in the config)
- If you find adnxs or unknown entries showing up:
- Highlight each of these entries one at a time, right click and choose "reset".
- When finished, close the file.
- Click on the wrench icon in the Google Chrome address bar and from the drop down menu select Settings > Extensions or Tools > Extensions, depending on your version
(or enter chrome://settings/extensions in the location bar)
- Check if any items of adnxs or unknown entries are listed in the browser Extensions. If so, click on uninstall to remove the toolbar(s) from the browser.
- Close the window. Choose the wrench icon again and depending on your version choose Settings > Settings or Options from the drop down menu.
- Check the Home Page setting under Basics to see if adnxs or unknown entries are listed. Replace it with another search engine that you want to use for your home page.
- Click Manage search engines, check if adnxs or unknown entries are listed on the page. Hover your mouse over the entries, click the X icon to uninstall it. Go back to the previous page and pick another available search engine as the default browser search engine.
- Check the On Start Up entry in Settings, click on Go to a specific page… and enter http://www.Google.com or your preferred search engine.
If you don't have any preferences and settings in Internet Explorer that you particularly want to keep, you can do a reset of the IE Settings http://www.microsoft.com/security/pc-security/browser-hijacking.aspx
Otherwise you can remove it manually
Delete the adnxs or unknown entries in Toolbars
- Open Internet Explorer and click on "Tools".
- Select "Manage Add Ons", search for adnxs or unknown entries in the list of add-ons.
- Right Click on the adnxs or unknown entries and select "disable".
- Click on "Ok" and restart Internet Explorer.
Restore your home page to the one you want
Remove adnxs or unknown entries from the search engine default for unrecognized pages (note this requires editing your Registry. Back it up first. If you are not confident, refer the work to someone experienced)
- Open "RegEdit" through the launch menu.
- Find this entry
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\About URLs\Tabs
- Change the entry that points to adnxs or unknown entries, to the search engine you want (Google for example).
Check your DNS settings
Go to Start menu > Control Panel > right-click Local Area Connection > double-click Properties
Select Internet Protocol(TCP/IP), and then click on Properties
Check: Obtain DNS server address automatically, and then click OK
– OR – manually enter the OpenDNS server addresses
After removing and resetting, I would recommend starting in Safe mode (F8) and running Malwarebytes or SuperAntiSpyware again to check the machine and registry, and run CCleaner to clean the registry. Then test your browser(s) by opening them and typing in some nonsense in the URL/location bar to make sure the defaults have been successfully changed.
adnxs may still remain on your machine
Go to C:\Program Files\ and delete any folder related to adnxs
Go to C:\Program Files (X86) and delete any folder related to adnxs
Restart the machine in Safe Mode (F8) and run CCleaner
- Open CCleaner,
- Click Tools,
- Select adnxs from the list if it is on it,
- Click Uninstall.
- Run the Registry tool,
- Run the cleaner.
List of files for manual removal – a complication for manual removal is that adnxs is reputed to be able to randomize filenames and entries. The following suggestions have been copied from online sources which have not been tested. Please do not alter your machine or registry unless you know what you are doing.
Delete associated files of Ib.adnxs.com Redirect virus:
Remove registry entries of isearch.claro-search.com Redirect virus:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\"UninstallString" = "'%AppData%\[RANDOM]\[RANDOM].exe" -u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\"ShortcutPath" = "'C:\Documents and Settings\All Users\Application Data\5ATIUYW62OUOMNBX256.exe" -u'"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "5ATIUYW62OUOMNBX256" = "'C:\Documents and Settings\All Users\Application Data\5ATIUYW62OUOMNBX256.exe'
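A read-only check of the locations this page names (the registry keys, the two Program Files folders and the DNS settings), as an added PowerShell example that is not part of the original instructions. It assumes Windows 8 or later with PowerShell 3 or later (for Get-DnsClientServerAddress); the search string in $Marker and the function names are this example's own choices.

```powershell
# Added example: read-only audit. It lists matches and changes or deletes nothing.
$Marker = 'adnxs'   # assumption: the string to look for (case-insensitive)

# Registry locations named on this page, in PowerShell drive notation.
$RegistryRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer',   # parent of the About URLs entry
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Find-RegistryMarker {
    param([string[]]$Root, [string]$Pattern)
    foreach ($path in $Root) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # The key itself plus every subkey beneath it.
        $keys = @(Get-Item -LiteralPath $path) +
                @(Get-ChildItem -LiteralPath $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($name -match $Pattern -or $data -match $Pattern) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
                }
            }
        }
    }
}

function Find-ProgramFolder {
    param([string]$Pattern)
    # ${env:ProgramFiles(x86)} is empty on 32-bit Windows, so blanks are filtered out.
    $env:ProgramFiles, ${env:ProgramFiles(x86)} | Where-Object { $_ } |
        ForEach-Object { Get-ChildItem -LiteralPath $_ -Directory -ErrorAction SilentlyContinue } |
        Where-Object { $_.Name -match $Pattern } | Select-Object -ExpandProperty FullName
}

Write-Host '--- Registry values mentioning the marker ---'
Find-RegistryMarker -Root $RegistryRoots -Pattern $Marker | Format-List

Write-Host '--- All RunOnce values (names may be randomized, so review each one) ---'
Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce' -ErrorAction SilentlyContinue |
    Format-List

Write-Host '--- Program Files folders mentioning the marker ---'
Find-ProgramFolder -Pattern $Marker

Write-Host '--- DNS servers per adapter (compare with the servers you expect) ---'
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize
```

Because the page notes that file and entry names may be randomized, an empty marker search does not prove the machine is clean; the full RunOnce listing and the DNS table are there for manual review.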
About Browser Security:
Installing an ad blocker in your Web browser or turning on the browser's anti-popup features is a first step, but it is not enough.